[arch-proaudio] 4.14.18-rt15 Intel Spectre v2 broken microcode detected

Ralf Mardorf ralf.mardorf at alice-dsl.net
Sat Feb 10 15:53:37 UTC 2018


On Sat, 10 Feb 2018 16:09:17 +0100, Joakim Hernberg wrote:
>On Sat, 10 Feb 2018 16:00:14 +0100 Ralf Mardorf wrote:
>> cat /sys/devices/system/cpu/vulnerabilities/*
>> Mitigation: PTI
>> Mitigation: __user pointer sanitization
>> Mitigation: Full generic retpoline
>> 
>> ...means that they are enabled?  
>
>Yes, how well they protect the system is of course another question,
>and I'm not 100% sure where the Intel ucode fits in all this.  But it
>seems fairly clear that Intel dropped the ball on all of this including
>firmware updates...

I see. Apart from the µcode, the kernel already includes the page-table
isolation patch set. When booting with "nopti" the output for "meltdown"
is "Vulnerable".

[rocketmouse at archlinux ~]$ grep Securityink_nopti -B3 -A5 /boot/syslinux/syslinux.cfg

# "KPTI was merged into Linux kernel version 4.15,[snip] and backported to Linux kernels 4.14.11, 4.9.75, 4.4.110."
# - https://en.wikipedia.org/wiki/Kernel_page-table_isolation
LABEL Securityink_nopti
    MENU LABEL Arch Linux Rt Securityink nopt^i
    LINUX ../vmlinuz-linux-rt-securityink
    APPEND root=LABEL=archlinux ro nopti
    INITRD ../intel-ucode.img,../initramfs-linux-rt-securityink.img

[rocketmouse at archlinux ~]$ ls -hAl /sys/devices/system/cpu/vulnerabilities/
total 0
-r--r--r-- 1 root root 4.0K Feb 10 16:44 meltdown
-r--r--r-- 1 root root 4.0K Feb 10 16:44 spectre_v1
-r--r--r-- 1 root root 4.0K Feb 10 16:44 spectre_v2
[rocketmouse at archlinux ~]$ cat /sys/devices/system/cpu/vulnerabilities/*
Vulnerable
Mitigation: __user pointer sanitization
Mitigation: Full generic retpoline
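
The check from this message as a reusable shell function, given as an added example that is not part of the original post: it labels each status line with its file name (which `cat *` does not) and reports boot parameters that switch a mitigation off. The function name `vuln_report` is hypothetical, and `pti=off`, `nospectre_v2` and `spectre_v2=off` are kernel parameters not mentioned in the thread.

```shell
#!/bin/sh
# Added example. Both paths default to the live system and can be
# overridden, so the function also runs against constructed sample data.

# vuln_report [SYSFS_DIR] [CMDLINE_FILE]
# Prints one "name: status" line per sysfs entry, then every boot
# parameter that disables a mitigation.
# Returns 0 if no entry starts with "Vulnerable", 1 if at least one does,
# 2 if the directory does not exist (kernel without this sysfs interface).
vuln_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    cmdline=${2:-/proc/cmdline}
    rc=0

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%-12s %s\n' "$(basename "$f"):" "$status"
        case $status in
            Vulnerable*) rc=1 ;;
        esac
    done

    # One parameter per line, so no word splitting or globbing is involved.
    if [ -r "$cmdline" ]; then
        tr -s ' ' '\n' < "$cmdline" | while read -r arg; do
            case $arg in
                nopti|pti=off|nospectre_v2|spectre_v2=off)
                    echo "boot parameter disables a mitigation: $arg" ;;
            esac
        done
    fi
    return $rc
}
```

Calling `vuln_report` with no arguments checks the running kernel.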

